[unisog] How Many Using RT/RTIR For Incident Reporting & Tracking?
phil.rodrigues at nyu.edu
Sat Apr 1 14:39:54 GMT 2006
Valdis.Kletnieks at vt.edu wrote:
> What *I* want to know is how the 5 of them handled 5,000 incidents in 5
> months. That's 200 per person per month - assuming 4 50-hour work weeks in
> a month, they have to close out an incident an hour on the average.
Our actual acted upon total was much lower than that, only about 70 per
person per month. (After we throw away a little bit of spam, some
automated ticket notifications from other systems, and things we simply
do not care about.)
However, we are the people that detect the majority of the incidents in
our network, as do a lot of IT Security offices I would imagine. But
when the detection of the incident is by an automated system, the ticket
is created by an automated system, and the notification of the
responsible party is by an automated system - each incident does take
very little human time.
There are certainly burst events when a single person handles 200
incidents in the week they are on-call. I'd guess 100 of those get
created and mailed automatically, leaving the human to answer questions
about them and follow up on them. RT helps us keep track of all of
those tickets, and make sure they all get resolved.
RT was the perfect glue in the middle of our ongoing automated detection
and notification systems. It was open enough and stable enough for us
to integrate in our other processes. And if we needed help there was a
responsive company on the other end of the line who could give us some
More information about the unisog